CLAIMS 

What is claimed: 

1. A method for automatic installatioii of a digital certificate on a network 
device in a data-over-cable system, the method comprising: 
5 determining whether a digital certificate is installed on the network device; if 

not, 

generating a digital certificate filename on the network device; 
sending a digital certificate request including the digital certificate filename to 
a predetermined network server; 
10 receiving a digital certificate file including at least one digital certificate from 

w the network server; and 

• storing the at least one digital certificate received from the network server on 

the network device. 

O 

f:^ 15 2. A computer readable medium having stored therein instructions for causing 

a processor to execute the method of claim 1 . 

3. The method of claim 1, wherein the network device comprises a cable 
modem, and the network server comprises a Trivial File Transfer Protocol server. 



4. The method of claun 1, wherein the digital certificate comprises an X. 5 09 
security digital certificate. 



5. The method of claim 1, wherem the step of generating a digital certificate 
filename comprises using a type of the network device, a physical address of the 
network device and an authentication data string. 

6. The method of claim 5, wherein the authentication data string is generated 
on the network device by applying a hash function to at least one configuration setting 
associated with the network device. 

7. The method of claim 6, wherein the at least one configuration setting 
comprises a MAC address, a serial number or a secret string. 

8. The method of claim 1 , further comprising: 

obtaining a globally routable network address on the network device prior to 
sending the digital certificate request to the network server; and 

employing the globally routable network address for sending the digital 
certificate request to the network server. 

9. The method of claim 8, wherein the step of obtaining the globally routable 
network address on the network device comprises: 

retrieving network address information from at least one data packet sent from 
at least one customer entity; and 

obtaining a physical address of a network gateway associated with the at least 
one customer entity. 



10. The method of claim 9, wherein the network address information 
comprises on Internet Protocol address and a Medium Access Control address 
associated with the customer entity. 

1 1 . The method of claim 1 , further comprising: 

validating the at least one digital certificate received from the network server 
prior to storing the at least one digital certificate on the network device. 

12. The method of claim 1, wherein the at least one digital certificate 
comprises a device digital certificate. 

13. The method of claim 12, wherein the at least one digital certificate further 
comprises a network device manufacturer digital certificate. 

14. A method for providing digital certificates to at least one network device 
in a data-over-cable system, the method comprising: 

receiving a digital certificate request including a digital certificate filename on 
a network server from a network device; 

authenticating the request on the network server using at least one parameter 
specified in the digital certificate filename; 

generating at least one digital certificate for the network device; and 

providing the at least one digital certificate fi-om the network server to the 
network device. 
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15. A computer readable medium having stored therein instructions causing a 

processor to execute the method of claim 14. 

16. The method of claim 14, wherein the filename comprises a type of the 
network device, a physical address of the network device, and authentication data 
string generated on the network device. 

17. The method of claim 16, wherein the step of authenticating the request 
using the at least one parameter specified in the digital certificate filename comprises: 

generating an authentication data string on the network server; and 
comparing the authentication string generated on the network server with the 
authentication data string specified in the received digital certificate filename. 

18. The method of claim 14, wherein the network server comprises a Trivial 
File Transfer Protocol server. 

19. The method of claim 14, wherein the at least one digital certificate for the 
network device is generated on the network server. 

20. The method of claim 14, further comprising: 

requesting a digital certificate firom a second network server upon receiving 
the digital certificate request from the network device; and 

receiving the digital certificate on the network server fi-om the second network 
server, wherein the second network server comprises a certificate authority server. 
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21. A system for dynamic digital certificate installation in a data-over-cable 
network, the system comprises, in combination: 

a network device configured to request a digital certificate from a 
predetermined network server; and 

the network server configured to dynamically generate a digital certificate 
upon receiving a digital certificate request from the network device, and further 
configured to provide the digital certificate to the network device. 

22. The system of claim 21, wherein the network device comprises a cable 
modem, and the network server comprises a Trivial File Transfer Protocol ("TFTP") 



,p 23. The system of claim 21, wherein the network server's address is installed 

o 

fy 15 on the network device prior to requesting the digital certificate firom the 
predetermined network server. 

24. The system of claim 21, wherein the network device is further arranged to 
install the digital certificate in a memory unit upon receiving the digital certificate 

20 from the network server. 

25. The system of claim 21, wherein the digital certificate comprises an X.509 
certificate. 
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